Capital College --- Remote Access guideline: IIT–RAP–AD20 

1.0 Purpose
The purpose of this guideline is to define standards for connecting to Capital College's Local Area Networks from any host. These standards are designed to minimize the potential exposure to the Capital College from damages which may result from unauthorized use of the Capital College resources. Damages include the loss of sensitive or company confidential data, intellectual property, damage to public image; damage to critical the Capital College internal systems, etc.

The policy here is developed for Penn State Harrisburg but the overall University Policy AD20 (Computer and Network Security) applies.

2.0  Scope
This guideline applies to all the Capital College employees, contractors, consultants, temporary personnel, and other workers or students with a Capital College-owned or personally-owned computer or workstation used to connect to the Capital College network. This guideline applies to remote access connections used to do work on behalf of the Capital College, including reading or sending email and viewing intranet web resources.

 
Remote access implementations that are covered by this guideline include, but are not limited to, dial-in modems, frame relay, ISDN, DSL, VPN, SSH, and cable modems, etc.

3.0  General

  1. It is the responsibility of the Capital College employees, contractors, vendors and agents with remote access privileges to the Capital College's local area networks to ensure that their remote access connection is given the same consideration as the user's on-site connection to the Capital College.  Generally, the remote access will be granted using the campus Administrative and Academic LANs.
  2. General access to the Capital College Local Area Network for recreational use by immediate household members through on personal computers is not permitted.  The Capital College Local Area Network will be used for teaching, learning and research business related to Penn State only.
  3. Please review the following policies for details of protecting information when accessing the corporate network via remote access methods, and acceptable use of the Capital College's network:

·         Virtual Private Network (VPN) guideline

·         Wireless Communication guideline

·         Acceptable Computer Use guideline

 

4.0  Requirements

a.       Please review the following policies for details of protecting information when accessing the corporate network via remote access methods, and acceptable use of the Capital College's network:

·       Secure remote access must be strictly controlled. Control will be enforced via the Capital College’s VPN gateway and VPN concentrator.

·       At no time should a Capital College employee provide their login or email password to anyone, not even family members.  

·       The Capital College employees and contractors with remote access privileges must ensure that their the Capital College-owned or personal computer or workstation, which is remotely connected to the Capital College's Local Area Network, is not connected to any other network at the same time, with the exception of personal networks that are under the complete control of the user.   For example, a user may have a private wireless network at home, but be using the Capital College VPN service to connect to the Administrative LAN remotely.

·       All hosts that are connected to the Capital College internal networks via remote access technologies must use the most up-to-date anti-virus software, this includes personal computers.

·       Personal equipment that is used to connect to the Capital College's networks must meet all the requirements of Capital College-owned equipment for remote access.

·       Organizations or individuals who wish to implement non-standard Remote Access solutions to the Capital College production network must obtain prior approval from the Capital College’s security team at IIT.  The current team is: Terry Majzlik, John Baskwill and Robert Brinkley.

 

5.0  Enforcement

a.       Any employee found to have violated this guideline may be subject to disciplinary action by their Administrative unit, the College, or the University and/or billing on a time and materials basis to the department that used the resource.

 

6.0  Definitions

a.     Host – Webopedia.com:  A computer system that is accessed by a user working at a remote location.

b.     Frame Relay – Webopedia.com: A packet-switching protocol for connecting devices on a Wide Area Network (WAN).

c.     Wide Area Network – Webopedia.com:  A computer network that spans a relatively large geographical area. Typically, a WAN consists of two or more local-area networks (LANs).

d.    ISDN – Webopedia.com:  Abbreviation of integrated services digital network, an international communications standard for sending voice, video, and data over digital telephone lines or normal telephone wires.

e.    LAN – Webopedia - A computer network that spans a relatively small area. Most LANs are confined to a single building or group of buildings. The Penn State Harrisburg campus IIT maintains four LAN's.  These are the academic (wired), wireless, mobility (wired) and administrative (wired).  Additionally, a fifth LAN, Housing and Food Services (wired), is maintained by Housing and Food Services at University Park.

7.0  Revision History

Updated: 6 March 2004, wjb

Last updated 1 August, 2005, ryb2

OFFICIAL APPROVAL:  1-17-08 MSK5